Create SRV record for GNZ in Cross Forest

Question

I am trying to follow the GNZ documentation and get single-label name resolution to work across forests. No luck.

1) Created conditional forwarding between forests

2) Created two-way forest trust

3) Enabled GNZ on all DNS servers in both forests

4) Created GlobalNames zone in Forest A.

5) Created CNAME record for resource in Forest A.

6) Created SRV record in Forest B.

The instructions in the deployment guide say:

In each of the other forests, to the forest-wide __msdcs zone which should be replicated to all DNS servers in the forest, add SRV resource records pointing to each remote domain controller DNS server that hosts a local copy of the GNZ:

So in Forest B, I am expecting to be able to type http://intranet and get resolution from the GlobalNames zone in Forest A. The SRV record is in the root of Forest B's msdcs folder. _globalnames.msdcs.forestb

I did create the SRV record in the other forest and it's not working. You can see that in my list. (I actually created an SRV record in every possible location - I spent two hours testing this but still without success.) I am unsure as to exactly where to put it, since the instructions in the two documents are unclear and don't seem to agree. I do not have a search suffix defined because it shouldn't matter - I am not trying to get name resolution to work using FQDNs, but using GNZ. Wouldn't adding a suffix defeat the point? The GNZ guide explains:

"For a customer with many domains, managing a suffix search list for all clients can be cumbersome, and client query performance is also somewhat lowered when querying a single-label name with the list of domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution.

If you cannot configure the DNS client suffix search list for all computers requiring this single-label name functionality, and you also require that single-label names for servers are global and unique, then the GNZ might be suitable."

I did some testing with a friend and we found that it didn't work across forests with conditional forwarders as the means to bridge the two non-contiguous names, but rather just plain forwarding. We did this using four separate servers, four domains, two forests - and the results were consistent. Nothing in the documentation suggests there's a need for a particular forwarding configuration. I'm curious, Marcin, if you used conditional forwarding or stub zones or something else?

For anyone else coming across this - I initially set up my test environment using stub zones. Cross-forest GNZ did not work until I deleted the stub zones and configured plain forwarding, just as Jason said.

Can you provide some details on how you configured your primary DNS suffixes and suffix search lists in both forests, and where exactly you created the SRV record(s)?

I find the documentation to be confusing. If it is based on a constructed FQDN by appending some suffixes to the unqualified single-label name, then it is no different from using search suffixes and CNAMEs, so I don't really see the point and the application of the whole GNZ concept.

Erszényes, I don't remember the exact setup of my scenario, since I no longer have that environment. I recreated a similar setup a couple of weeks ago, however. 2 forests - GlobalNames zone created in one forest with one CNAME test record, _globalnames SRV entry in the other forest's _msdcs zone, Global Names support enabled for the DNS servers in both forests, DNS suffixes separated. I spent quite some time trying to make it work, however I could never do it - except when turning on DNS suffixes, which pretty much defeats the whole purpose of the GlobalNames zone. This makes me believe that I might have used DNS suffixes in my original setup.

So at this point I'm curious myself about the details of the implementation of somebody who made it work.
